Saturday, February 26, 2005

wireless security: hotspotvpn.com review 

Your grandparents or great-grandparents may have gotten their phone service on a "party line", in which everyone in the neighborhood was an extension on a single phone line. Anyone could pick up the phone and hear anyone else's conversation.

Wi-Fi hotspots have the same problem. Everyone's on the same radio channel. Clever electronics keep people from interfering with each other, but anyone who wants to can hear everything that's going over the air.

How often do people eavesdrop? Nobody knows in general. At security conferences it's all but guaranteed. Anywhere else, well, the tools to eavesdrop are free.

Someone who can read your data won't get anywhere if the data are electronically scrambled, "encrypted" with a secret code. Your credit card transactions are protected this way (look for a lock icon at the bottom right of your browser window). Your logins to web-based email systems are often encrypted: Google's mail service, Gmail, is one that does this right.

You may be exposed when you read your email. Most web-based email services don't offer encrypted links for reading your mail. Again, Gmail is an honorable exception: just change "http" to "https" in the address and you're protected.

Even worse, the vast majority of non-web-based email servers make you send your password in the clear. There's no excuse for that any more. Email programs today know ways to log in that protect the password from snoopers. ISPs simply don't bother supporting the option. One game played at one security conference was to post email passwords of Wi-Fi users on a bulletin board.
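One family of those password-protecting logins is challenge-response. The sketch below is an added example, not from the original post: it uses CRAM-MD5 (RFC 2195) as the illustration, which the post does not name, with constructed sample credentials, and compares what a listener at the hotspot captures for each kind of login.

```python
import base64
import hashlib
import hmac

def plaintext_login(user, password):
    """POP3 USER/PASS: the password crosses the air exactly as typed."""
    return [f"C: USER {user}", f"C: PASS {password}"]

def cram_md5_response(user, password, challenge):
    """Client reply: base64("user " + hex HMAC-MD5(key=password, msg=challenge))."""
    digest = hmac.new(password.encode(), challenge.encode(), hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()

def cram_md5_login(user, password, challenge):
    """Both sides of the exchange, as an eavesdropper would capture it."""
    return [
        "C: AUTH CRAM-MD5",
        "S: + " + base64.b64encode(challenge.encode()).decode(),
        "C: " + cram_md5_response(user, password, challenge),
    ]

def server_accepts(stored_password, challenge, response):
    """Server recomputes the digest for the challenge it issued and compares."""
    user, _, digest = base64.b64decode(response).decode().partition(" ")
    expected = hmac.new(stored_password.encode(), challenge.encode(), hashlib.md5).hexdigest()
    return hmac.compare_digest(digest, expected)

def password_exposed(captured, password):
    """True if the password is readable in the capture, raw or base64-decoded."""
    for line in captured:
        if password in line:
            return True
        for token in line.split():
            try:
                decoded = base64.b64decode(token, validate=True).decode("utf-8", "replace")
            except ValueError:  # token is not base64
                continue
            if password in decoded:
                return True
    return False

if __name__ == "__main__":
    # Constructed sample values, not taken from the post.
    user, pw, challenge = "alice", "correct-horse", "<1234.5678@mail.example>"
    for name, capture in (("plaintext", plaintext_login(user, pw)),
                          ("CRAM-MD5", cram_md5_login(user, pw, challenge))):
        print(name, "-> password exposed:", password_exposed(capture, pw))
```

Only the login is protected this way; the mail itself still crosses the air readable unless the whole connection is encrypted.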

So, how do you protect yourself?

Well, inevitably there's an acronym involved, which is "VPN". It stands for "Virtual Private Network". Your computer joins a local area network somewhere away from the Wi-Fi hotspot, as if your computer were physically there. What makes it "private" is that all the communication between your computer and that other network is encrypted. Someone listening in at the hotspot only sees gibberish.

You can rent a connection to a VPN. I just tested a commercial VPN service to protect your privacy at hotspots. They're called hotspotvpn.com, and I found the setup painless (on Windows) until it got into a fight with ZoneAlarm, which I was able to fix on my own. It worked reliably. I thought the sales pitch on their home page was a bit over the top, but their support forum (still getting fleshed out) has useful and honest information. I was impressed when gtaylor, their support guy, correctly explained the security tradeoffs of the security protocol they use!

I meant to try it under Linux, OpenBSD and Mac OS X but my subscription to their service expired before the antibiotics made it possible to work again. One customer in the support forum said he's gotten it working with Linux. My research makes it look like setting up a connection from Linux is Not For Normal People.

Yes, you can also use their service to secure Internet traffic from your home wireless network, if for some reason you can't get security working on your own.
